PT-2019-5413 · Mozilla+6 · Network Security Services+6

Published: 2019-09-10 · Updated: 2024-06-15 · CVE-2019-17006

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Network Security Services (NSS) versions prior to 3.46

Description: The issue arises from missing length checks in several cryptographic primitives. If the application using the library does not perform a sanity check on the inputs, it could result in a crash due to a buffer overflow. This can potentially allow a remote attacker to execute arbitrary code.

Recommendations: For versions prior to 3.46, update to version 3.46 or later to resolve the issue. As a temporary workaround, consider implementing input sanity checks in the application calling the NSS library to minimize the risk of exploitation.

Exploit

Fix

Insufficient Verification of Data Authenticity

RCE

Heap Based Buffer Overflow

Buffer Overflow

Weakness Enumeration

Related identifiers

ALT-PU-2019-2672
ALT-PU-2020-1616
BDU:2020-02871
CESA-2020_3280
CESA-2020_4076
CVE-2019-17006
DLA-2058-1
DLA-2388-1
DSA-4726-1
OESA-2021-1059
OPENSUSE-SU-2020:0008-1
OPENSUSE-SU-2020:0854-1
OPENSUSE-SU-2020_0008-1
OPENSUSE-SU-2020_0854-1
OPENSUSE-SU-2024:11058-1
RHSA-2020:3280
RHSA-2020:4076
RHSA-2020_3280
RHSA-2020_4076
RHSA-2021:0758
RHSA-2021:0876
RHSA-2021:1026
RLSA-2020:3280
SUSE-SU-2019:3395-1
SUSE-SU-2020:0088-1
SUSE-SU-2020:14418-1
SUSE-SU-2020:1677-1
SUSE-SU-2020:1839-1
SUSE-SU-2020_1677-1
SUSE-SU-2020_1839-1
USN-4231-1

Affected products

Alt Linux
CentOS
Network Security Services
Red Hat
Rocky Linux
SUSE
Ubuntu